CVE-2026-53841

MEDIUM NVD

CVSS Score 6.1

Severity MEDIUM

Published Jun 16, 2026

Vendor unknown

Description

OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-w9hf-3pp7-pvxv
https://www.vulncheck.com/advisories/openclaw-cross-site-scripting-via-unsafe-markdown-links-in-exported-session-html